package com.sun.portal.search.rdmserver;

import com.iplanet.am.sdk.AMStoreConnection;
import com.iplanet.am.sdk.AMUser;
import com.iplanet.am.util.AdminUtils;
import com.iplanet.am.util.SystemProperties;
import com.iplanet.sso.SSOException;
import com.iplanet.sso.SSOToken;
import com.iplanet.sso.SSOTokenManager;
import com.sun.identity.security.AdminDNAction;
import com.sun.identity.security.DecryptAction;
import com.sun.portal.rewriter.util.Constants;
import com.sun.portal.rproxy.configservlet.server.Operation;
import com.sun.portal.search.db.RDMSecurityManager;
import com.sun.portal.search.db.SToken;
import com.sun.portal.search.rdm.RDMRequest;
import com.sun.portal.search.soif.SOIF;
import com.sun.portal.search.util.CSLog;
import com.sun.portal.search.util.SearchConfig;
import java.security.AccessController;
import java.security.Principal;
import java.security.PrivilegedAction;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;

/* JADX WARN: Classes with same name are omitted:
  input_file:118951-20/SUNWpsse/reloc/SUNWps/lib/searchserver.jar:com/sun/portal/search/rdmserver/DSameSecurityManager.class
 */
/* loaded from: input_file:118951-20/SUNWpsse/reloc/SUNWps/web-src/WEB-INF/lib/searchserver.jar:com/sun/portal/search/rdmserver/DSameSecurityManager.class */
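/**
 * Search security manager that authenticates requests through Access Manager SSO tokens and
 * restricts results to documents whose {@code readacl} entries name the caller, one of the
 * caller's roles or (when group support is switched on) one of the caller's groups.
 *
 * <p>Two enforcement points exist: {@link #qualify_Nova_Query} narrows the query before it runs
 * and {@link #filter} checks each returned document. {@code qualify_Nova_Query} calls
 * {@code setCheckDB(false)} on the token, after which {@code filter} passes documents through
 * unchecked, so the qualified query is then the only access check for that request.
 *
 * <p>Thread-safety: {@code group_support} and {@code role_admin} are static, are written from the
 * constructor and from {@code checkRoleAdmin}, and are read on every request without
 * synchronization.
 */
public class DSameSecurityManager extends RDMSecurityManager {
    /** RDN of the role whose members see every document regardless of {@code readacl}. */
    static final String ADMIN_CN = "cn=Top-level Admin Role";

    /** SOIF attribute that carries a document's read ACL entries. */
    private static final String READ_ACL_ATTR = "readacl";

    /** Suffix used when no root suffix can be derived from configuration or the admin DN. */
    private static final String DEFAULT_SUFFIX = ",o=isp";

    /** True when group DNs are honoured in ACL checks (config value {@code SECDSAME} is "ON"). */
    static boolean group_support = false;

    /** Full DN of the admin role; members bypass ACL checks. */
    static String role_admin = null;

    /**
     * Reads the admin-role DN and the group-support switch from the search configuration.
     *
     * <p>When {@code SECSUPERADMIN} is not configured, the admin role DN is built from
     * {@link #ADMIN_CN} plus the Access Manager root suffix, falling back to the tail of the admin
     * DN and finally to {@code ",o=isp"}.
     */
    public DSameSecurityManager() {
        String configuredAdmin = SearchConfig.getValue(SearchConfig.SECSUPERADMIN);
        if (configuredAdmin != null) {
            role_admin = configuredAdmin;
            CSLog.log(1, 2, "SecMgr Conf: Admin is: (" + role_admin + ")");
        } else {
            // Test the property itself: the previous code tested the concatenated string, which
            // is never null, so a missing root suffix produced an admin DN ending in "null" and
            // the admin-DN fallback below could not run.
            String rootSuffix = SystemProperties.get("com.iplanet.am.rootsuffix");
            String top;
            if (rootSuffix != null) {
                top = Operation.RANGE_STR + rootSuffix;
            } else {
                String adminDN = AdminUtils.getAdminDN();
                CSLog.log(1, 2, "SecMgr: AdminDN is: (" + adminDN + ") ");
                int cut = adminDN != null ? adminDN.lastIndexOf(Operation.RANGE_STR) : 0;
                top = cut > 0 ? adminDN.substring(cut) : DEFAULT_SUFFIX;
            }
            CSLog.log(1, 2, "SecMgr: Top is: (" + top + ") ");
            role_admin = ADMIN_CN + top;
            CSLog.log(1, 2, "SecMgr: Admin is: (" + role_admin + ")");
        }

        String dsameSwitch = SearchConfig.getValue(SearchConfig.SECDSAME);
        if (dsameSwitch != null && dsameSwitch.compareToIgnoreCase("ON") == 0) {
            group_support = true;
        }

        // NOTE(review): at log level 5 and above this writes every Access Manager system
        // property, values included, to the search log. If any of those properties hold
        // passwords or keys they end up in the log file; an allow-list of property names
        // would be safer. Behaviour is left as it was.
        if (CSLog.getLogLevel() >= 5) {
            Enumeration<?> propertyNames = SystemProperties.getAll().propertyNames();
            while (propertyNames.hasMoreElements()) {
                String key = (String) propertyNames.nextElement();
                CSLog.log(1, 10, key + Constants.CHILD_PATTERN_SEPERATOR + SystemProperties.get(key) + Constants.NEW_LINE);
            }
        }
    }

    /**
     * Tells whether a value can be placed inside a double-quoted query literal as-is.
     *
     * @param value candidate DN or name
     * @return false for {@code null} or for a value containing a double quote
     */
    private static boolean isSafeAclValue(String value) {
        return value != null && value.indexOf('"') < 0;
    }

    /** Wraps a fixed name in a {@link Principal} for credential-based token creation. */
    private static Principal principalNamed(final String name) {
        return new Principal() {
            @Override // java.security.Principal
            public String getName() {
                return name;
            }
        };
    }

    /** Builds a {@link Principal} whose name is the admin DN, resolved when the name is read. */
    private static Principal adminPrincipal() {
        return new Principal() {
            @Override // java.security.Principal
            public String getName() {
                return (String) AccessController.doPrivileged((PrivilegedAction) new AdminDNAction());
            }
        };
    }

    /** Runs {@code DecryptAction} on the value under {@code doPrivileged} and returns its string form. */
    private static String decrypt(String encrypted) {
        return AccessController.doPrivileged((PrivilegedAction) new DecryptAction(encrypted)).toString();
    }

    /** Records a failed credential-based login; the submitted credentials are never logged. */
    private static void logTokenFailure(SSOException e) {
        CSLog.log(1, 3, "SecMgr: SSO token creation failed: " + e.getMessage());
    }

    /**
     * Checks a document's {@code readacl} entries against a set of DNs.
     *
     * @return true when the document has no {@code readacl} entry or when one entry is in
     *     {@code set}; false when entries exist and none matches
     */
    private boolean check_list(SOIF soif, Set<?> set) {
        for (int i = 0; ; i++) {
            String entry = soif.getValue(READ_ACL_ATTR, i);
            if (entry == null) {
                // End of the list: open only if the document carried no ACL at all.
                return i == 0;
            }
            if (set.contains(entry)) {
                return true;
            }
        }
    }

    /**
     * Joins the string form of every element, each one preceded by {@code Operation.RANGE_STR}.
     *
     * @return the joined text, or the empty string for a {@code null} set
     */
    private String set_dn_string(Set<?> set) {
        if (set == null) {
            return "";
        }
        StringBuilder joined = new StringBuilder();
        for (Object dn : set) {
            joined.append(Operation.RANGE_STR).append(dn.toString());
        }
        return joined.toString();
    }

    /**
     * Renders one {@code or (ReadACL = "dn")} clause per element of the set.
     *
     * <p>A value containing a double quote would end the quoted literal early and change the
     * shape of the ACL expression. The escape syntax of the query language is not visible here,
     * so such a value is skipped, which can only reduce what the caller is allowed to see.
     *
     * @return the concatenated clauses, or the empty string for a {@code null} set
     */
    private String add_list(Set<?> set) {
        if (set == null) {
            return "";
        }
        StringBuilder clauses = new StringBuilder();
        for (Object dn : set) {
            String value = dn.toString();
            if (!isSafeAclValue(value)) {
                CSLog.log(1, 3, "SecMgr: skipping ACL value that contains a double quote");
                continue;
            }
            clauses.append(" or (ReadACL = \"").append(value).append("\")");
        }
        return clauses.toString();
    }

    @Override // com.sun.portal.search.db.RDMSecurityManager
    public String toString() {
        return "DSame -SecMgr";
    }

    /**
     * Servlet entry point: {@code obj} must be the {@link HttpServletRequest} of the call.
     *
     * @throws ClassCastException if {@code obj} is not an {@code HttpServletRequest}
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public boolean initRDMSToken(Object obj, RDMRequest rDMRequest) throws Exception {
        return init_RDMSToken((HttpServletRequest) obj, rDMRequest);
    }

    /**
     * Authenticates a request from the credentials in its RDM header and attaches the token.
     *
     * <p>A user name takes precedence over an access token. A missing password is sent as the
     * empty string.
     *
     * <p>NOTE(review): the header password is passed on unchanged here, whereas the servlet path
     * runs it through {@code DecryptAction} first; confirm which form each caller sends.
     *
     * @return true when a valid SSO token was obtained and set on the request, false otherwise
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public boolean initRDMSToken(RDMRequest rDMRequest) throws Exception {
        SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        SSOToken token = null;
        String user = rDMRequest.getHeader().getUser();
        String password = rDMRequest.getHeader().getPassword();
        String accessToken = rDMRequest.getHeader().getAccessToken();
        try {
            if (user != null) {
                token = tokenManager.createSSOToken(principalNamed(user), password == null ? "" : password);
            } else if (accessToken != null) {
                token = tokenManager.createSSOToken(accessToken);
            }
        } catch (SSOException e) {
            // Failed logins used to vanish silently; keep the "return false" outcome but leave
            // a trace so repeated failures can be noticed.
            logTokenFailure(e);
        }
        if (token == null || !tokenManager.isValidToken(token)) {
            return false;
        }
        rDMRequest.setSToken(new SToken(token, true, true));
        return true;
    }

    /**
     * Attaches an SSO-backed token to the request when the caller can be authenticated.
     *
     * <p>Sources are tried in order: the session carried by the servlet request, then the header
     * user with its decrypted password, then the header access token used as a session id, and
     * last the header access token decrypted and used as the password of the admin DN.
     *
     * <p>Every path returns true. When nothing authenticates, the request keeps a {@code null}
     * token and is treated as anonymous: {@link #filter} and {@link #qualify_Nova_Query} then
     * expose only documents without a read ACL.
     *
     * <p>NOTE(review): {@code proxyDN} is copied from a request parameter onto any valid token.
     * {@code qualify_Nova_Query} uses it only when the token is a proxy whose principal is the
     * admin DN; how {@code SToken.isProxy()} is decided is not visible here, so confirm that an
     * ordinary caller cannot make it true.
     */
    private boolean init_RDMSToken(HttpServletRequest httpServletRequest, RDMRequest rDMRequest) throws Exception {
        if (rDMRequest.getSToken() != null) {
            return true;
        }
        SSOTokenManager tokenManager = SSOTokenManager.getInstance();
        SSOToken token = null;
        try {
            token = tokenManager.createSSOToken(httpServletRequest);
        } catch (SSOException ignored) {
            // A request without a usable session is normal here; the header credentials are
            // tried next.
        }
        if (token == null || !tokenManager.isValidToken(token)) {
            String user = rDMRequest.getHeader().getUser();
            String password = rDMRequest.getHeader().getPassword();
            String accessToken = rDMRequest.getHeader().getAccessToken();
            if (user != null) {
                try {
                    token = tokenManager.createSSOToken(principalNamed(user), password == null ? "" : decrypt(password));
                } catch (SSOException e) {
                    logTokenFailure(e);
                }
            } else if (accessToken != null) {
                try {
                    token = tokenManager.createSSOToken(accessToken);
                } catch (SSOException notASessionId) {
                    // The value was not accepted as a session id: treat it as the encrypted
                    // admin password and log in as the admin DN.
                    try {
                        token = tokenManager.createSSOToken(adminPrincipal(), decrypt(accessToken));
                    } catch (SSOException e) {
                        logTokenFailure(e);
                    }
                }
            }
        }
        if (token == null || !tokenManager.isValidToken(token)) {
            // Anonymous request: no token is attached.
            return true;
        }
        SToken sToken = new SToken(token, true, true);
        sToken.setProxyDN(httpServletRequest.getParameter("proxyDN"));
        rDMRequest.setSToken(sToken);
        return true;
    }

    /**
     * Decides whether the caller may see one document.
     *
     * <p>Without a token (or without an underlying SSO token) only documents that carry no
     * {@code readacl} attribute pass. With a token whose DB check is disabled the document passes
     * unchecked. Members of the admin role see everything. Otherwise the document passes when it
     * has no {@code readacl} entry or when an entry equals the principal name, one of the user's
     * role DNs, or, with group support on, one of the user's group DNs.
     *
     * <p>NOTE(review): the lookup uses the token's own principal and does not consult
     * {@code getProxyDN()}, unlike {@link #qualify_Nova_Query}.
     *
     * @return {@code soif} when access is allowed, {@code null} when it is denied or when
     *     {@code soif} is {@code null}
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public SOIF filter(SToken sToken, SOIF soif) throws Exception {
        if (soif == null) {
            return null;
        }
        if (sToken == null) {
            return soif.contains(READ_ACL_ATTR) ? null : soif;
        }
        if (!sToken.getCheckDB()) {
            return soif;
        }
        SSOToken ssoToken = (SSOToken) sToken.getNativeToken();
        if (ssoToken == null) {
            // No identity behind the token: same rule as an anonymous caller. This also covers
            // a proxy token without a native token, which used to end in a NullPointerException.
            return soif.contains(READ_ACL_ATTR) ? null : soif;
        }

        AMStoreConnection connection = new AMStoreConnection(ssoToken);
        String name = ssoToken.getPrincipal().getName();
        AMUser user = connection.getUser(name);
        Set roleDNs = user.getRoleDNs();
        if ("true".equals(SearchConfig.getValue(SearchConfig.SECDSAME_USE_FILTERED_ROLES))) {
            roleDNs.addAll(user.getFilteredRoleDNs());
        }
        if (roleDNs.contains(role_admin)) {
            return soif;
        }

        Set staticGroups = null;
        Set dynamicGroups = null;
        if (group_support) {
            staticGroups = user.getStaticGroupDNs();
            dynamicGroups = user.getAssignableDynamicGroupDNs();
        }

        // The listing this was taken from reset the decision to "allow" after the loop, so every
        // document passed for any authenticated user. The loop now returns the decision
        // directly, following the same rule as check_list.
        for (int i = 0; ; i++) {
            String entry = soif.getValue(READ_ACL_ATTR, i);
            if (entry == null) {
                // End of the list: open only if the document carried no ACL entry at all.
                return i == 0 ? soif : null;
            }
            boolean granted = name.equals(entry)
                    || roleDNs.contains(entry)
                    || (staticGroups != null && staticGroups.contains(entry))
                    || (dynamicGroups != null && dynamicGroups.contains(entry));
            if (granted) {
                return soif;
            }
        }
    }

    @Override // com.sun.portal.search.db.RDMSecurityManager
    public boolean checkSecurity() {
        return true;
    }

    /**
     * Derives {@code role_admin} when it has not been set yet.
     *
     * <p>The suffix comes from the store's top-level containers when there are any, otherwise
     * from the tail of {@code str} after its last {@code Operation.RANGE_STR}, otherwise
     * {@code ",o=isp"}.
     *
     * @param str DN used as the fallback source of the suffix; must not be {@code null} when the
     *     store reports no top-level containers
     */
    private void checkRoleAdmin(AMStoreConnection aMStoreConnection, String str) throws Exception {
        if (role_admin != null) {
            return;
        }
        Set topLevelContainers = aMStoreConnection.getTopLevelContainers();
        String suffix;
        if (topLevelContainers.size() > 0) {
            suffix = set_dn_string(topLevelContainers);
        } else {
            int cut = str.lastIndexOf(Operation.RANGE_STR);
            suffix = cut > 0 ? str.substring(cut) : DEFAULT_SUFFIX;
        }
        CSLog.log(1, 2, "SecMgr: Top is: (" + suffix + ") " + topLevelContainers.size());
        role_admin = ADMIN_CN + suffix;
        CSLog.log(1, 2, "SecMgr: Admin is: (" + role_admin + ")");
    }

    /**
     * Appends a {@code ReadACL} restriction to a query so that it matches only documents the
     * caller may read.
     *
     * <p>Callers without an SSO token get {@code ReadACL=""} (documents without an ACL). Members
     * of the admin role who are not proxying get the query back unchanged. Everyone else gets a
     * clause listing the empty ACL, their own name, their role DNs and, with group support on,
     * their group DNs. For a proxy token whose principal is the admin DN, the name is taken from
     * {@code getProxyDN()}, which the servlet path fills from a request parameter.
     *
     * <p>This method disables the per-document check in {@link #filter} for the token, so the
     * string returned here is the only access control applied to the results.
     *
     * <p>NOTE(review): {@code str} is the caller's query and is wrapped in parentheses without
     * any check that it is well formed. Whether the ACL clause still constrains the whole query
     * for every input depends on the query parser, which is not visible here; validating
     * {@code str} before this point is worth confirming.
     *
     * @param sToken the request token, possibly {@code null}
     * @param str the caller's query
     * @return the qualified query
     */
    @Override // com.sun.portal.search.db.RDMSecurityManager
    public String qualify_Nova_Query(SToken sToken, String str) throws Exception {
        String publicOnly = "(" + str + ") <AND> (ReadACL=\"\")";
        if (sToken == null || sToken.getNativeToken() == null) {
            return publicOnly;
        }
        sToken.setCheckDB(false);
        SSOToken ssoToken = (SSOToken) sToken.getNativeToken();

        String name;
        AMUser user;
        Set roleDNs;
        try {
            AMStoreConnection connection = new AMStoreConnection(ssoToken);
            name = ssoToken.getPrincipal().getName();
            if (sToken.isProxy() && name.equals(AdminUtils.getAdminDN())) {
                name = sToken.getProxyDN();
            }
            user = connection.getUser(name);
            roleDNs = user.getRoleDNs();
            if ("true".equals(SearchConfig.getValue(SearchConfig.SECDSAME_USE_FILTERED_ROLES))) {
                roleDNs.addAll(user.getFilteredRoleDNs());
            }
        } catch (SSOException e) {
            // Return the restrictive query right away, as the log message says. The previous
            // flow continued past this point with the user data unset.
            CSLog.log(1, 3, "SecMgr: Failed to qualify query - falling back to ReadACL=\"\"");
            return publicOnly;
        }

        if (roleDNs.contains(role_admin) && !sToken.isProxy()) {
            return str;
        }
        if (!isSafeAclValue(name)) {
            // The name goes inside a quoted literal below and may come from the proxyDN request
            // parameter; a missing name or one with a double quote gets public documents only.
            CSLog.log(1, 3, "SecMgr: Failed to qualify query - falling back to ReadACL=\"\"");
            return publicOnly;
        }

        String extraClauses = add_list(roleDNs);
        if (group_support) {
            extraClauses = extraClauses + add_list(user.getStaticGroupDNs()) + add_list(user.getAssignableDynamicGroupDNs());
        }
        String ownClause = "(" + str + ") <AND> ( (ReadACL = \"\") or (ReadACL = \"" + name + "\")";
        String qualified = extraClauses.length() > 3 ? ownClause + extraClauses + ")" : ownClause + " )";
        CSLog.log(1, 3, "SecMgr: " + qualified);
        return qualified;
    }
}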
